1

(4 replies, posted in General discussion)

Connorhd wrote:

because there are losers out there with too much time on their hands hmm

im goingz to hackz uz wit my firewall!!!@!!!!@!!

smile I'm just kidding. You do have to admit, hot scripts could have done a better job at security.

Got some more mirrors for the download so you shouldn't have any problems now downloading this hack. If any of you want any specific hack let me know. I have tons of free time with nothing to do! sad

3

(4 replies, posted in PunBB 1.2 troubleshooting)

Rickard wrote:

Try removing all PHP scripts in the cache folder.

Thanks! That fixed it right up!

hcgtv wrote:

Got it from your first link, I think the link at punres is wrong, thanks.

My longest uptime was over 6 months but I needed a kernel upgrade for security reasons.

I used to run an uptime client and send info to http://uptimes.hostingwired.com/ but I found some info that the client wasn't that secure, so I stopped running it.

If you were to rate this hack on how secure it was on a scale of 1-10 (1 being insecure and 10 being secure) I would give it a 9. Two things should be changed in order to make it more secure.

1. The uptime, uname, userid, and password are all sent via the URL. The password is sent in plain text and then is converted to a hash on the server. You could fix this very easily. Here is how. Open uptime.php and go to line 15. You should see this:

 
$password = sha1($_GET['password']);

Modify this and remove the sha1() part so it should now look like this

$password = $_GET['password'];

Now save the file and you're done! Now instead of putting the plain text password in the shell script where it says password=FORUMPASSWORDHERE (instead of the plain text password as the script tells you to put) you need to place the sha1 hash of your plain text password. You can get the hash by downloading some kind of tool allowing you to convert plain text into a sha1 hash or you can use the below PHP script or check out snarkles.net.

<?php

if(isset($_GET['sha1']) { echo "Hash: ".sha1($_GET['sha1']); exit(); }  ?>

<html>
<head><title>Text to Sha1 Hash</title></head>
<body>
<form action="<?php echo __file__; ?>" method="get">
<p>Text to convert: <input type="text" name="sha1"></p>
<input type="submit" value="Submit"><input type="reset" value="Reset">
</form>
</body>
</html>

2.Due to the fact that the shell script source code can be viewed, some cheaters ( like me tongue ) could modify thier uptime and uname data in their profile and make it appear like they have had their system running longer then it really has been. This really isn't a security risk and isn't really a problem at all really. You could fix this by making a C program to do the same job as the shell script. I like the shell script better though for several reasons and to be honest no one has really cheated with this script on the forums I have this installed on. I think most Linux users are honest. It's the BSD/Mac users you have to watch out for. wink

Really my script is very secure! smile

hcgtv wrote:

Jordan, the download link is not working.

10:22:08 up 24 days, 10:42,  1 user,  load average: 0.00, 0.00, 0.00
Linux giga 2.6.8-1-686 #1 Thu Nov 25 04:34:30 UTC 2004 i686 GNU/Linux

Strange it works fine for me. You may want to try http://www.jelly-soft.com/~jordiej/Uptime%20Hack.zip if you live outside of the United States. For some reason people from some countries are having problems downloading it. If that still doesn't work then go to http://www.geocities.com/jordie0868/dow … ptime.html to download it from a geocities server and please let me know if the alternative url doesn't work above.

Btw, my longest uptime was only 5 days! sad

6

(4 replies, posted in PunBB 1.2 troubleshooting)

Rickard wrote:

There obviously is a cache.php in the include folder. That's where the error occured. Also, you should not chmod the include folder, but the cache folder.

Maybe I should have explained myself better. I have been getting two errors that invovle the file "cache.php." One error said the file /cache/cache.php and one error was the one above. The chmod on both folders is 777 (just until the issue is resolved) and there only exist a cache.php in the includes folder and not the cache folder.

Can  you please give me a in-depth soultion to this problem? I would appreciate it. smile

Connorhd wrote:

why should it be in the user profile? its about the forum not the user

Yes Rickard is right. It's for users running Linux, Unix, BSD or Mac OS (10 or greater). Windows currently isn't supported but will be supported in the next version of this mod.

Also, I think you thought that it's a hack to display the servers uptime and uname data. I wouldn't put that in the profile. I already put this on my forum and stuck it on the index as the below image shows.

http://img183.exs.cx/img183/5973/untitled3gj.png

If you do look at the screenshot ignore the number of users online and the number of registered users online. I made that a random number each time the page is loaded this way people think our forums are big and are very active. smile They could always find out by clicking "Member list" at the top or take a look at how many topics we have.

8

(4 replies, posted in PunBB 1.2 troubleshooting)

For the last month I have been hacking PunBB to fit the needs of my site I am working on that is to be released next month. When I change a setting in the AdminCP I always get an error message that invovles the file, "cache.php." Please someone tell me what is going on. Here is one of the messages I have gotten.

An error was encountered
File: /home/linux/public_html/forums/include/cache.php
Line: 175

PunBB reported: Unable to write quickjump cache file to cache directory. Please make sure PHP has write access to the directory 'cache'

There is no cache.php in the /include/ folder and on top of that the /include/ folder has the chmod of 777!

Jordan

I have for the last month now been hacking the PunBB code for a site I am working on that is dedicated to the Linux OS. This hack I developed not to long ago and thought I would share it with the world. You can find this hack on Punres at -> http://www.punres.org/viewtopic.php?pid=663#663

This hack will allow a user to display the uptime and uname data in the users profile. If you don't know what uptime and uname data is please search google for, "man uptime" and "man uname" to find more information on what I am talking about. Here is a screenshot of my forums with the hack installed.

http://img173.exs.cx/img173/6625/hackscreenshot5fu.png

If you find any bugs in this hack please send me an email at jOrdi3.tar.gz <at> gmail.com. I would appreciate any input on this mod and would love to see someone install it and use it on their forums. smile